We are proud to announce that we have recently achieved AWS Security Competency Partner status. This status exemplifies our technical expertise and dedication to helping customers secure their software at every stage of cloud adoption.
This week we’ve added new Kotlin & Swift Courses to the Security Labs catalog! The update includes 4-5 Kotlin (Android) labs and 4 Swift (iOS) labs that cover common mobile security topics such as secret storage, authorization, and custom URL handling.
A SQL injection flaw allows for an attacker to modify or inject SQL syntax into the request to make the application behave in a manner that was not initially intended. In other words, an attacker can change a database query to: Now with almost all web applications having integrations with databases in some way, this flaw has the potential to arise often. However, many frameworks and libraries are available to make database connections and queries safe.
Before we jump into definitions, let’s quickly level set on how we got here. Over the last few years, the way we build software has changed drastically. With the increasing need to move faster and release more frequently, organizations are opting to get rid of monolithic architectures and adopt a microservices architecture for greater agility, resiliency, and efficiency.
The 12th volume of our annual State of Software Security (SOSS) report is now live! Rather than examining a single year of activity associated with an application, in this year's report we looked at the entire history of active applications. By doing so, we can view the full life cycle of applications, which results in more accurate metrics and observations.
Ever since the public exploit of the Log4Shell remote code execution (RCE) vulnerability became known on December 10, 2021, security teams have been scrambling to understand the risk to their environments. Part of that scramble has been to ascertain which tools are best positioned to help detect the vulnerability. Which approaches are most effective and where do they fall short?
It’s Clint Pollock, principal solutions architect, here for the final lesson in the four-part series on how to use Veracode from the command line in the Cloud9 IDE to submit a software composition analysis (SCA) scan and a dynamic scan. To start, if you’re looking to leverage the Veracode API signing docker image with the Veracode rest APIs, go to the Help Center, go to the Rest API section, and take a look at the available options.
The Open Web Application Security Project (OWASP) is a nonprofit organization with the purpose to help secure software. They provide data that can give engineering and security teams a better idea of where the most common risks may lie. The 2021 OWASP Top 10, released in November 2021, lists the most critical web application security risks. But OWASP also maintains the API Security Top 10 project which was last updated in 2019. Each category is ranked based on the frequency and severity of the defect.
